Jump to content
Not connected, Your IP: 3.17.175.167
Sign in to follow this  
nexxus

SSL certificate problem

Recommended Posts

Hi, since a couple of days I'm getting following problem on a Macbook AIr & Eddie and cant connect anymore:

 

 

 

I 2018.01.23 16:21:37 - Eddie version: 2.13.6 / macos_x64, System: MacOS, Name: 10.9.5, Version: Darwin MacBook-Air-532.local 13.4.0 Darwin Kernel Version 13.4.0: Mon Jan 11 18:17:34 PST 2016; root:xnu-2422.115.15~1/RELEASE_X86_64 x86_64, Mono/.Net Framework: v4.0.30319
. 2018.01.23 16:21:37 - Reading options from /Users/User1/.airvpn/AirVPN.xml
. 2018.01.23 16:21:38 - Command line arguments (0):
I 2018.01.23 16:21:40 - OpenVPN Driver - Expected
I 2018.01.23 16:21:40 - OpenVPN - Version: 2.4.3 - OpenSSL 1.0.2l  25 May 2017, LZO 2.10 (/Applications/Eddie.app/Contents/MacOS/openvpn)
I 2018.01.23 16:21:40 - SSH - Version: OpenSSH_6.2p2, OSSLShim 0.9.8r 8 Dec 2011 (/usr/bin/ssh)
I 2018.01.23 16:21:40 - SSL - Version: stunnel 5.40 (/Applications/Eddie.app/Contents/MacOS/stunnel)
I 2018.01.23 16:21:40 - curl - Version: 7.30.0 (/usr/bin/curl)
I 2018.01.23 16:21:40 - Certification Authorities: /Applications/Eddie.app/Contents/MacOS/cacert.pem
. 2018.01.23 16:21:40 - Updating systems & servers data ...
! 2018.01.23 16:21:40 - Ready
. 2018.01.23 16:21:42 - Systems & servers data update completed
I 2018.01.23 16:21:46 - Session starting.
. 2018.01.23 16:21:46 - IPv6 disabled on network adapter (Bluetooth DUN)
. 2018.01.23 16:21:46 - IPv6 disabled on network adapter (Thunderbolt Ethernet)
. 2018.01.23 16:21:46 - IPv6 disabled on network adapter (Wi-Fi)
. 2018.01.23 16:21:47 - IPv6 disabled on network adapter (iPhone)
. 2018.01.23 16:21:47 - IPv6 disabled on network adapter (Thunderbolt Ethernet 2)
. 2018.01.23 16:21:47 - IPv6 disabled on network adapter (Bluetooth PAN)
I 2018.01.23 16:21:59 - Checking authorization ...
! 2018.01.23 16:22:00 - Connecting to Heze (United States, Fremont, California)
. 2018.01.23 16:22:00 - OpenVPN > OpenVPN 2.4.3 x86_64-apple-darwin16.6.0 [sSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 23 2017
. 2018.01.23 16:22:00 - OpenVPN > library versions: OpenSSL 1.0.2l  25 May 2017, LZO 2.10
. 2018.01.23 16:22:00 - Connection to OpenVPN Management Interface
. 2018.01.23 16:22:00 - OpenVPN > MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:3100
. 2018.01.23 16:22:00 - OpenVPN > Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2018.01.23 16:22:00 - OpenVPN > Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2018.01.23 16:22:00 - OpenVPN > TCP/UDP: Preserving recently used remote address: [AF_INET]46.21.151.106:443
. 2018.01.23 16:22:00 - OpenVPN > Socket Buffers: R=[196724->262144] S=[9216->262144]
. 2018.01.23 16:22:00 - OpenVPN > UDP link local: (not bound)
. 2018.01.23 16:22:00 - OpenVPN > UDP link remote: [AF_INET]46.21.151.106:443
. 2018.01.23 16:22:00 - OpenVPN > MANAGEMENT: Client connected from [AF_INET]127.0.0.1:3100
. 2018.01.23 16:22:00 - OpenVPN > TLS: Initial packet from [AF_INET]46.21.151.106:443, sid=c6c0e191 f9de6557
. 2018.01.23 16:22:00 - OpenVPN > VERIFY OK: depth=1, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
. 2018.01.23 16:22:00 - OpenVPN > VERIFY KU OK
. 2018.01.23 16:22:00 - OpenVPN > Validating certificate extended key usage
. 2018.01.23 16:22:00 - OpenVPN > ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
. 2018.01.23 16:22:00 - OpenVPN > VERIFY EKU OK
. 2018.01.23 16:22:00 - OpenVPN > VERIFY OK: depth=0, C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=server, emailAddress=info@airvpn.org
. 2018.01.23 16:22:01 - OpenVPN > Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
. 2018.01.23 16:22:01 - OpenVPN > [server] Peer Connection Initiated with [AF_INET]46.21.151.106:443
. 2018.01.23 16:22:02 - OpenVPN > SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)
. 2018.01.23 16:22:02 - OpenVPN > PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1 bypass-dhcp,dhcp-option DNS 10.4.0.1,comp-lzo no,route-gateway 10.4.0.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.4.62.134 255.255.0.0'
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: timers and/or timeouts modified
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: compression parms modified
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: --ifconfig/up options modified
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: route options modified
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: route-related options modified
. 2018.01.23 16:22:02 - OpenVPN > OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
. 2018.01.23 16:22:02 - OpenVPN > Data Channel Encrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2018.01.23 16:22:02 - OpenVPN > Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2018.01.23 16:22:02 - OpenVPN > Data Channel Decrypt: Cipher 'AES-256-CBC' initialized with 256 bit key
. 2018.01.23 16:22:02 - OpenVPN > Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication
. 2018.01.23 16:22:02 - OpenVPN > ROUTE_GATEWAY 192.168.0.1/255.255.255.0 IFACE=en0 HWADDR=64:76:ba:a6:88:fe
. 2018.01.23 16:22:02 - OpenVPN > Opened utun device utun0
. 2018.01.23 16:22:02 - OpenVPN > do_ifconfig, tt->did_ifconfig_ipv6_setup=0
. 2018.01.23 16:22:02 - OpenVPN > /sbin/ifconfig utun0 delete
. 2018.01.23 16:22:02 - OpenVPN > ifconfig: ioctl (SIOCDIFADDR): Can't assign requested address
. 2018.01.23 16:22:02 - OpenVPN > NOTE: Tried to delete pre-existing tun/tap instance -- No Problem if failure
. 2018.01.23 16:22:02 - OpenVPN > /sbin/ifconfig utun0 10.4.62.134 10.4.62.134 netmask 255.255.0.0 mtu 1500 up
. 2018.01.23 16:22:02 - OpenVPN > /sbin/route add -net 10.4.0.0 10.4.62.134 255.255.0.0
. 2018.01.23 16:22:02 - OpenVPN > add net 10.4.0.0: gateway 10.4.62.134
. 2018.01.23 16:22:02 - OpenVPN > /sbin/route add -net 46.21.151.106 192.168.0.1 255.255.255.255
. 2018.01.23 16:22:02 - OpenVPN > add net 46.21.151.106: gateway 192.168.0.1
. 2018.01.23 16:22:02 - OpenVPN > /sbin/route add -net 0.0.0.0 10.4.0.1 128.0.0.0
. 2018.01.23 16:22:02 - OpenVPN > add net 0.0.0.0: gateway 10.4.0.1
. 2018.01.23 16:22:02 - OpenVPN > /sbin/route add -net 128.0.0.0 10.4.0.1 128.0.0.0
. 2018.01.23 16:22:02 - OpenVPN > add net 128.0.0.0: gateway 10.4.0.1
. 2018.01.23 16:22:03 - DNS of a network adapter forced (Wi-Fi, from Automatic to 10.4.0.1)
. 2018.01.23 16:22:03 - DNS of a network adapter forced (Thunderbolt Ethernet 2, from Automatic to 10.4.0.1)
. 2018.01.23 16:22:03 - Flushing DNS
I 2018.01.23 16:22:03 - Checking route
. 2018.01.23 16:22:03 - curl: (60) SSL certificate problem: Invalid certificate chain
. 2018.01.23 16:22:03 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2018.01.23 16:22:03 -     curl performs SSL certificate verification by default, using a "bundle"
. 2018.01.23 16:22:03 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2018.01.23 16:22:03 -     bundle file isn't adequate, you can specify an alternate file
. 2018.01.23 16:22:03 -     using the --cacert option.
. 2018.01.23 16:22:03 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2018.01.23 16:22:03 -     the bundle, the certificate verification probably failed due to a
. 2018.01.23 16:22:03 -     problem with the certificate (it might be expired, or the name might
. 2018.01.23 16:22:03 -     not match the domain name in the URL).
. 2018.01.23 16:22:03 -     If you'd like to turn off curl's verification of the certificate, use
. 2018.01.23 16:22:03 -     the -k (or --insecure) option.
. 2018.01.23 16:22:03 - Checking route (2° try)
. 2018.01.23 16:22:05 - curl: (60) SSL certificate problem: Invalid certificate chain
. 2018.01.23 16:22:05 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2018.01.23 16:22:05 -     curl performs SSL certificate verification by default, using a "bundle"
. 2018.01.23 16:22:05 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2018.01.23 16:22:05 -     bundle file isn't adequate, you can specify an alternate file
. 2018.01.23 16:22:05 -     using the --cacert option.
. 2018.01.23 16:22:05 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2018.01.23 16:22:05 -     the bundle, the certificate verification probably failed due to a
. 2018.01.23 16:22:05 -     problem with the certificate (it might be expired, or the name might
. 2018.01.23 16:22:05 -     not match the domain name in the URL).
. 2018.01.23 16:22:05 -     If you'd like to turn off curl's verification of the certificate, use
. 2018.01.23 16:22:05 -     the -k (or --insecure) option.
. 2018.01.23 16:22:05 - Checking route (3° try)
. 2018.01.23 16:22:08 - curl: (60) SSL certificate problem: Invalid certificate chain
. 2018.01.23 16:22:08 -     More details here: http://curl.haxx.se/docs/sslcerts.html
. 2018.01.23 16:22:08 -     curl performs SSL certificate verification by default, using a "bundle"
. 2018.01.23 16:22:08 -     of Certificate Authority (CA) public keys (CA certs). If the default
. 2018.01.23 16:22:08 -     bundle file isn't adequate, you can specify an alternate file
. 2018.01.23 16:22:08 -     using the --cacert option.
. 2018.01.23 16:22:08 -     If this HTTPS server uses a certificate signed by a CA represented in
. 2018.01.23 16:22:08 -     the bundle, the certificate verification probably failed due to a
. 2018.01.23 16:22:08 -     problem with the certificate (it might be expired, or the name might
. 2018.01.23 16:22:08 -     not match the domain name in the URL).
. 2018.01.23 16:22:08 -     If you'd like to turn off curl's verification of the certificate, use
. 2018.01.23 16:22:08 -     the -k (or --insecure) option.
E 2018.01.23 16:22:08 - Checking route failed.
. 2018.01.23 16:22:08 - OpenVPN > Initialization Sequence Completed
! 2018.01.23 16:22:08 - Disconnecting
. 2018.01.23 16:22:08 - Sending management termination signal
. 2018.01.23 16:22:08 - Management - Send 'signal SIGTERM'
. 2018.01.23 16:22:13 - Connection terminated.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Sign in to follow this  

×
×
  • Create New...